diff options
| author | jim-p <jimp@pfsense.org> | 2012-03-06 14:30:41 -0500 |
|---|---|---|
| committer | jim-p <jimp@pfsense.org> | 2012-03-06 14:30:41 -0500 |
| commit | a4271d123439e022b92a522c32fd70f3feeece3f (patch) | |
| tree | 8cf9fb9c6d1fc3a587a04d955dd419f18957056c /etc/inc/openvpn.inc | |
| parent | e5d8aeb6f84d60abb4ba2021724f51f4f98439a7 (diff) | |
| download | pfsense-a4271d123439e022b92a522c32fd70f3feeece3f.zip pfsense-a4271d123439e022b92a522c32fd70f3feeece3f.tar.gz | |
Be more intelligent when managing OpenVPN client connections bound to CARP VIPs. If the interface is in BACKUP status, do not start the client. Add a section to rc.carpmaster and rc.carpbackup to trigger this start/stop.
If an OpenVPN client is active on both the master and backup system, they will cause conflicting connections to the server. Servers do not care as they only accept, not initiate.
Diffstat (limited to 'etc/inc/openvpn.inc')
| -rw-r--r-- | etc/inc/openvpn.inc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/etc/inc/openvpn.inc b/etc/inc/openvpn.inc index 777b395..5369393 100644 --- a/etc/inc/openvpn.inc +++ b/etc/inc/openvpn.inc @@ -625,6 +625,10 @@ function openvpn_restart($mode, $settings) { if (isset($settings['disable'])) return; + /* Do not start if we are a CARP backup on this vip! */ + if ((substr($settings['interface'], 0, 3) == "vip") && (get_carp_interface_status($settings['interface']) == "BACKUP")) + return; + /* start the new process */ $fpath = $g['varetc_path']."/openvpn/{$mode_id}.conf"; mwexec_bg("/usr/local/sbin/openvpn --config {$fpath}"); |
